U.S. patent application number 15/829650 was filed with the patent office on 2019-03-28 for method and apparatus for verifying vehicle in inter-vehicular communication environment.
The applicant listed for this patent is Hyundai Motor Company, Kia Motors Corporation, Korea University Research and Business Foundation. Invention is credited to In Seon An, Dae Sung Hwang, Hyo Gon Kim, Tae Ho Kim, Tae Jun Lee, Dong Gyu Noh, Hahk Rel Noh, Jong Rok Park, Yong Tae Park, Cho Rong Ryu, Su Lyun Sung.
Application Number | 20190096144 15/829650 |
Document ID | / |
Family ID | 65638212 |
Filed Date | 2019-03-28 |
![](/patent/app/20190096144/US20190096144A1-20190328-D00000.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00001.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00002.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00003.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00004.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00005.png)
![](/patent/app/20190096144/US20190096144A1-20190328-D00006.png)
United States Patent
Application |
20190096144 |
Kind Code |
A1 |
Noh; Dong Gyu ; et
al. |
March 28, 2019 |
METHOD AND APPARATUS FOR VERIFYING VEHICLE IN INTER-VEHICULAR
COMMUNICATION ENVIRONMENT
Abstract
An apparatus for verifying a vehicle in an inter-vehicular
communication environment includes: a communication unit configured
to receive a basic safety message and a verification message from a
remote vehicle that is allowed to engage in inter-vehicular
communication; and a controller configured to determine that the
remote vehicle is reliable when the communication unit receives the
verification message from the remote vehicle at least a predefined
number of times over a predefined period of time, and to generate
permission to utilize the basic safety message received from the
remote vehicle when the controller determines that the remote
vehicle is reliable.
Inventors: |
Noh; Dong Gyu; (Dongducheon,
KR) ; Sung; Su Lyun; (Seoul, KR) ; Hwang; Dae
Sung; (Hwaseong, KR) ; Park; Jong Rok; (Seoul,
KR) ; Noh; Hahk Rel; (Bucheon, KR) ; Ryu; Cho
Rong; (Incheon, KR) ; Lee; Tae Jun;
(Gwangmyeong, KR) ; Kim; Hyo Gon; (Seoul, KR)
; Park; Yong Tae; (Uijeongbu, KR) ; An; In
Seon; (Seoul, KR) ; Kim; Tae Ho; (Goyang,
KR) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Hyundai Motor Company
Kia Motors Corporation
Korea University Research and Business Foundation |
Seoul
Seoul
Seoul |
|
KR
KR
KR |
|
|
Family ID: |
65638212 |
Appl. No.: |
15/829650 |
Filed: |
December 1, 2017 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04W 12/1006 20190101;
G08G 1/017 20130101; H04W 12/10 20130101; G08G 1/09675 20130101;
G08G 1/161 20130101; G08G 1/096791 20130101; H04W 12/00512
20190101; G07C 5/008 20130101; H04W 4/80 20180201; H04W 12/0609
20190101; H04W 4/46 20180201; H04W 12/00506 20190101 |
International
Class: |
G07C 5/00 20060101
G07C005/00; G08G 1/017 20060101 G08G001/017; H04W 12/10 20060101
H04W012/10 |
Foreign Application Data
Date |
Code |
Application Number |
Sep 22, 2017 |
KR |
10-2017-0122721 |
Claims
1. An apparatus for verifying a vehicle in an inter-vehicular
communication environment, the apparatus comprising: a
communication unit configured to receive a basic safety message and
a verification message from a remote vehicle that is allowed to
engage in inter-vehicular communication, wherein the communication
unit receives the basic safety message and the verification message
according to different communication schemes; and a controller
configured to determine that the remote vehicle is reliable when
the communication unit receives the verification message from the
remote vehicle at least a predefined number of times over a
predefined period of time, and to generate permission to utilize
the basic safety message received from the remote vehicle when the
controller determines that the remote vehicle is reliable.
2. The apparatus of claim 1, wherein the verification message
received from the remote vehicle includes a certificate digest of
the remote vehicle, a unique number of the remote vehicle, and a
unique number reception list of the remote vehicle.
3. The apparatus of claim 2, wherein the controller is further
configured to generate a second verification message including a
unique number reception list of a host vehicle, a certificate
digest of the host vehicle, and a unique number of the host
vehicle, and to control the communication unit to transmit the
generated second verification message to the remote vehicle.
4. The apparatus of claim 3, wherein the controller is further
configured to determine whether the remote vehicle is reliable
based on a number of times a verification message including the
unique number of the host vehicle is received from the remote
vehicle.
5. The apparatus of claim 4, wherein the controller is further
configured to generate a trust point based on the number of times
the verification message including the unique number of the host
vehicle is received from the remote vehicle, and to determine that
the remote vehicle is reliable when the calculated trust point
exceeds a threshold point.
6. The apparatus of claim 5, wherein the controller is further
configured to match the certificate digest of the remote vehicle,
the unique number of the remote vehicle, and the trust point of the
remote vehicle, and to record a result of the matching in the
unique number reception list of the second verification
message.
7. The apparatus of claim 5, wherein the controller is further
configured to subtract a predefined point from the calculated trust
point per one second.
8. The apparatus of claim 1, wherein the communication unit
includes: a first communication module configured to receive the
basic safety message from the remote vehicle, and to transmit a
second basic safety message to the remote vehicle; and a second
communication module configured to receive the verification message
from the remote vehicle, and to transmit a second verification
message to the remote vehicle.
9. The apparatus of claim 8, wherein the second communication
module is further configured to transmit the second verification
message based on short-range wireless communication.
10. The apparatus of claim 8, wherein a transmission distance of
the second verification message is shorter than the transmission
distance of the second basic safety message, and a transmission
period of the second verification message is longer than a
transmission period of the second basic safety message.
11. A method for verifying a vehicle in an inter-vehicular
communication environment, the method comprising: receiving, by a
communication unit, a basic safety message and a verification
message from a remote vehicle that is allowed to engage in
inter-vehicular communication, wherein the basic safety message and
the verification message are received according to different
communication schemes; determining, by a controller, that the
remote vehicle is reliable when the communication unit receives the
verification message from the remote vehicle at least a predefined
number of times over a predefined period of time; and generating,
by the controller, permission to utilize the basic safety message
received from the remote vehicle.
12. The method of claim 11, wherein the verification message
received from the remote vehicle includes a certificate digest of
the remote vehicle, a unique number of the remote vehicle, and a
unique number reception list of the remote vehicle.
13. The method of claim 12, wherein the determining that the remote
vehicle is reliable comprises: generating, by the controller, a
second verification message including a unique number reception
list of a host vehicle, a certificate digest of the host vehicle,
and a unique number of the host vehicle; and controlling, by the
controller, the communication unit to transmit the generated second
verification message to the remote vehicle.
14. The method of claim 13, wherein the determining that the remote
vehicle is reliable further comprises: determining, by the
controller, whether the remote vehicle is reliable based on a
number of times a verification message including the unique number
of the host vehicle is received from the remote vehicle.
15. The method of claim 14, wherein the determining that the remote
vehicle is reliable further comprises: generating, by the
controller, a trust point based on the number of times the
verification message including the unique number of the host
vehicle is received from the remote vehicle; and determining, by
the controller, that the remote vehicle is reliable when the
calculated trust point exceeds a threshold point.
16. The method of claim 15, wherein the determining that the remote
vehicle is reliable further comprises: matching, by the controller,
the certificate digest of the remote vehicle, the unique number of
the remote vehicle, and the trust point of the remote vehicle; and
recording, by the controller, a result of the matching in the
unique number reception list of the second verification
message.
17. The method of claim 15, further comprising subtracting, by the
controller, a predefined point from the calculated trust point per
one second.
18. The method of claim 11, further comprising: receiving, by a
first communication module of the communication unit, the basic
safety message from the remote vehicle; transmitting, by the first
communication module, a second basic safety message to the remote
vehicle; receiving, by a second communication module of the
communication unit, the verification message from the remote
vehicle; and transmitting, by the second communication module, a
second verification message to the remote vehicle.
19. The method of claim 18, wherein the second verification message
is transmitted based on short-range wireless communication.
20. The method of claim 18, wherein a transmission distance of the
second verification message is shorter than the transmission
distance of the second basic safety message, and a transmission
period of the second verification message is longer than a
transmission period of second the basic safety message.
Description
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application claims the benefit of priority to Korean
Patent Application No. 10-2017-0122721, filed on Sep. 22, 2017 in
the Korean Intellectual Property Office, the disclosure of which is
incorporated herein in its entirety by reference.
TECHNICAL FIELD
[0002] The present disclosure relates to a method and an apparatus
for verifying a vehicle in an inter-vehicular communication
environment, and more particularly, to a technology of determining
trustability of a remote vehicle by using a verification message
based on short-range wireless communication in an inter-vehicular
communication environment.
BACKGROUND
[0003] V2X (Vehicle to Everything) communication includes V2V
(Vehicle to Vehicle) wireless communication, V2I (Vehicle to
Infrastructure) wireless communication, IVN (In-Vehicle
Networking), and V2P (Vehicle to Pedestrian) communication. IEEE
1609.2 is one of the V2X wireless communication standards which
defines a security framework. The security framework of IEEE 1609.2
defines a process of verifying a transmitter (in a vehicle) using
symmetric keys and asymmetric keys and by verifying the integrity
of a message transmitting process.
[0004] Verification in IEEE 1609.2 is a process of giving a
qualification for participation in inter-vehicular communication
and determining of the trustability of a message containing vehicle
information that is transmitted from a vehicle qualified for
participation in inter-vehicular communication is not be handled.
Accordingly, it is impossible to determine whether a message
transmitted by a vehicle that passed the verification process
defined in IEEE 1609.2 is trustable when the vehicle is allowed to
participate in inter-vehicular communication.
[0005] In other words, the vehicle verifying technology in
traditional inter-vehicular communication environment simply allows
for or forbids inter-vehicular communication, and cannot determine
whether vehicle information transmitted by a vehicle, to which
inter-vehicular communication is allowed, is trustable.
SUMMARY
[0006] The present disclosure is conceived to solve the
above-described problems of the related art. The present disclosure
provides a method and an apparatus for verifying a vehicle in an
inter-vehicular communication environment, in which it may be
determined whether information transmitted by a remote vehicle, to
which inter-vehicular communication is allowed, is trustable, by
verifying the remote vehicle using a verification message based on
short-range wireless communication.
[0007] The objects of the present disclosure are not limited to the
above-mentioned ones, and the other unmentioned objects and
advantages of the present disclosure will be understood by the
following description, and will be understood clearly by the
embodiments of the present disclosure. Further, it is noted that
the objects and advantages of the present disclosure will be
implemented through the means described in the claims and a
combination thereof.
[0008] In accordance with embodiments of the present disclosure, an
apparatus for verifying a vehicle in an inter-vehicular
communication environment includes: a communication unit configured
to receive a basic safety message and a verification message from a
remote vehicle that is allowed to engage in inter-vehicular
communication; and a controller configured to determine that the
remote vehicle is reliable when the communication unit receives the
verification message from the remote vehicle at least a predefined
number of times over a predefined period of time, and to generate
permission to utilize the basic safety message received from the
remote vehicle when the controller determines that the remote
vehicle is reliable.
[0009] The verification message received from the remote vehicle
may include a certificate digest of the remote vehicle, a unique
number of the remote vehicle, and a unique number reception list of
the remote vehicle.
[0010] The controller may be further configured to generate a
second verification message including a unique number reception
list of a host vehicle, a certificate digest of the host vehicle,
and a unique number of the host vehicle, and to control the
communication unit to transmit the generated second verification
message to the remote vehicle.
[0011] The controller may be further configured to determine
whether the remote vehicle is reliable based on a number of times a
verification message including the unique number of the host
vehicle is received from the remote vehicle.
[0012] The controller may be further configured to generate a trust
point based on the number of times the verification message
including the unique number of the host vehicle is received from
the remote vehicle, and to determine that the remote vehicle is
reliable when the calculated trust point exceeds a threshold
point.
[0013] The controller may be further configured to match the
certificate digest of the remote vehicle, the unique number of the
remote vehicle, and the trust point of the remote vehicle, and to
record a result of the matching in the unique number reception list
of the second verification message.
[0014] The controller may be further configured to subtract a
predefined point from the calculated trust point per one
second.
[0015] The communication unit may include a first communication
module configured to receive the basic safety message from the
remote vehicle, and to transmit a second basic safety message to
the remote vehicle; and a second communication module configured to
receive the verification message from the remote vehicle, and to
transmit a second verification message to the remote vehicle.
[0016] The second communication module may be further configured to
transmit the second verification message based on short-range
wireless communication.
[0017] A transmission distance of the second verification message
may be shorter than the transmission distance of the second basic
safety message, and a transmission period of the second
verification message may be longer than a transmission period of
the second basic safety message.
[0018] Furthermore, in accordance with embodiments of the present
disclosure, a method for verifying a vehicle in an inter-vehicular
communication environment includes: receiving, by a communication
unit, a basic safety message and a verification message from a
remote vehicle that is allowed to engage in inter-vehicular
communication; determining, by a controller, that the remote
vehicle is reliable when the communication unit receives the
verification message from the remote vehicle at least a predefined
number of times over a predefined period of time; and generating,
by the controller, permission to utilize the basic safety message
received from the remote vehicle.
[0019] The verification message received from the remote vehicle
may include a certificate digest of the remote vehicle, a unique
number of the remote vehicle, and a unique number reception list of
the remote vehicle.
[0020] The determining may include generating, by the controller, a
second verification message including a unique number reception
list of a host vehicle, a certificate digest of the host vehicle,
and a unique number of the host vehicle; and controlling, by the
controller, the communication unit to transmit the generated second
verification message to the remote vehicle.
[0021] Further, the determining may include determining, by the
controller, whether the remote vehicle is reliable based on a
number of times a verification message including the unique number
of the host vehicle is received from the remote vehicle.
[0022] Then, the determining may include generating, by the
controller, a trust point based on the number of times the
verification message including the unique number of the host
vehicle is received from the remote vehicle; and determining, by
the controller, that the remote vehicle is reliable when the
calculated trust point exceeds a threshold point.
[0023] The determining may include matching, by the controller, the
certificate digest of the remote vehicle, the unique number of the
remote vehicle, and the trust point of the remote vehicle; and
recording, by the controller, a result of the matching in the
unique number reception list of the second verification
message.
[0024] The determining may further include subtracting, by the
controller, a predefined point from the calculated trust point per
one second.
[0025] The method may further include: receiving, by a first
communication module of the communication unit, the basic safety
message from the remote vehicle; transmitting, by the first
communication module, a second basic safety message to the remote
vehicle; receiving, by a second communication module of the
communication unit, the verification message from the remote
vehicle; and transmitting, by the second communication module, a
second verification message to the remote vehicle.
[0026] The second verification message may be transmitted based on
short-range wireless communication.
[0027] Further, a transmission distance of the second verification
message may be shorter than the transmission distance of the second
basic safety message, and a transmission period of the second
verification message may be longer than a transmission period of
the second basic safety message.
BRIEF DESCRIPTION OF THE DRAWINGS
[0028] The above and other objects, features and advantages of the
present disclosure will be more apparent from the following
detailed description taken in conjunction with the accompanying
drawings:
[0029] FIG. 1 is a diagram of an example of an inter-vehicular
communication environment according to embodiments of the present
disclosure;
[0030] FIG. 2 is a block diagram of an example of an apparatus for
verifying a vehicle in an inter-vehicular communication environment
according to embodiments of the present disclosure;
[0031] FIG. 3 is a diagram of an example of a process of deriving a
threshold point calculating equation by an apparatus for verifying
a vehicle in an inter-vehicular communication environment according
to embodiments of the present disclosure;
[0032] FIG. 4 is a diagram of an example of a test environment of
an apparatus for verifying a vehicle in an inter-vehicular
communication environment according to embodiments of the present
disclosure;
[0033] FIG. 5 is a diagram of an example of a test result of an
apparatus for verifying a vehicle in an inter-vehicular
communication environment according to embodiments of the present
disclosure; and
[0034] FIG. 6 is a flowchart of an example of a method for
verifying a vehicle in an inter-vehicular communication environment
according to embodiments of the present disclosure.
[0035] It should be understood that the above-referenced drawings
are not necessarily to scale, presenting a somewhat simplified
representation of various preferred features illustrative of the
basic principles of the disclosure. The specific design features of
the present disclosure, including, for example, specific
dimensions, orientations, locations, and shapes, will be determined
in part by the particular intended application and use
environment.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0036] Hereinafter, embodiments of the present disclosure will be
described in detail with reference to the accompanying drawings.
Throughout the specification, it is noted that the same or like
reference numerals denote the same or like components even though
they are provided in different drawings. Further, in the following
description of the present disclosure, a detailed description of
known functions and configurations incorporated herein will be
omitted when it may make the subject matter of the present
disclosure rather unclear.
[0037] In addition, terms, such as first, second, A, B, (a), (b) or
the like may be used herein when describing components of the
present disclosure. The terms are provided only to distinguish the
elements from other elements, and the essences, sequences, orders,
and numbers of the elements are not limited by the terms. In
addition, unless defined otherwise, all terms used herein,
including technical or scientific terms, have the same meanings as
those generally understood by those skilled in the art to which the
present disclosure pertains. The terms defined in the generally
used dictionaries should be construed as having the meanings that
coincide with the meanings of the contexts of the related
technologies, and should not be construed as ideal or excessively
formal meanings unless clearly defined in the specification of the
present disclosure.
[0038] It is understood that the term "vehicle" or "vehicular" or
other similar term as used herein is inclusive of motor vehicles in
general such as passenger automobiles including sports utility
vehicles (SUV), buses, trucks, various commercial vehicles,
watercraft including a variety of boats and ships, aircraft, and
the like, and includes hybrid vehicles, electric vehicles, plug-in
hybrid electric vehicles, hydrogen-powered vehicles and other
alternative fuel vehicles (e.g., fuels derived from resources other
than petroleum). As referred to herein, a hybrid vehicle is a
vehicle that has two or more sources of power, for example both
gasoline-powered and electric-powered vehicles.
[0039] Additionally, it is understood that one or more of the below
methods, or aspects thereof, may be executed by at least one
controller. The term "controller" may refer to a hardware device
that includes a memory and a processor. The memory is configured to
store program instructions, and the processor is specifically
programmed to execute the program instructions to perform one or
more processes which are described further below. Moreover, it is
understood that the below methods may be executed by an apparatus
comprising the controller in conjunction with one or more other
components, as would be appreciated by a person of ordinary skill
in the art.
[0040] Referring now to embodiments of the present disclosure, FIG.
1 is a diagram of an example of an inter-vehicular communication
environment according to embodiments of the present disclosure, and
a description thereof will be made with reference to a host vehicle
100.
[0041] As illustrated in FIG. 1, the inter-vehicular communication
environment (system) according to the present disclosure includes a
host vehicle (HV) 100 and a plurality of remote vehicles (RVs) 200.
Then, the host vehicle 100 and the remote vehicles 200 travel on
the same road.
[0042] The host vehicle 100 transmits basic safety messages (BSMs)
including vehicle information thereof to the remote vehicles 200,
and the remote vehicles 200 transmit basic safety messages (BSMs)
including vehicle information thereof to the host vehicle 100.
Then, the vehicle information of the remote vehicles 200 is travel
information of the remote vehicles 200 located within a specific
distance from the host vehicle 100 while traveling on the same road
as the host vehicle 100, and includes information that is helpful
to a safe travel of the host vehicle 100.
[0043] For the sake of clarity, basic safety messages transmitted
by the remote vehicles 200 may be referred to herein as, simply,
"basic safety messages" (or BSMs), whereas basic safety messages
transmitted by the host vehicle 100 may be referred to herein as
"second basic safety messages" (or second BSMs). Similarly,
verification messages transmitted by the remote vehicles 200 may be
referred to herein as, simply, "verification messages," whereas
verification messages transmitted by the host vehicle 100 may be
referred to herein as "second verification messages."
[0044] The host vehicle 100 controls various safety systems mounted
on the host vehicle 100 based on the vehicle information received
from the remote vehicles 200. Here, the safety system includes a
smart cruise control (SCC) system, a lane departure warning system
(LDWS), a side obstacle warning system (SOWS), a collision
avoidance system, an automatic emergency braking (AEB) system, and
a lane keeping assist system (LKAS).
[0045] Meanwhile, an attack vehicle (AV) 300 that is located within
a specific distance from the host vehicle 100 but located outside
the road on which the host vehicle 100 travels is a vehicle, to
which inter-vehicular communication is allowed.
[0046] The vehicle information transmitted by the attack vehicle
300 is not helpful to travel of the host vehicle 100 at all, and
the safety of the travel of the vehicle cannot be secured if a
malicious user transmits false information to the host vehicle 100
through the attack vehicle 300.
[0047] According to the present disclosure, a message transmitted
by the attack vehicle 300 may be filtered by determining the attack
vehicle 100 that provides vehicle information that impedes safety
of the host vehicle 100 with a high precision.
[0048] According to the present disclosure, the host vehicle 100
and the remote vehicles 200 may include communication modules for
supporting vehicle to anything (V2X) wireless communication, and
the vehicle communication module may support mobile communication
such as WCDMA, LET, or Wi-Fi, and in particular, may support V2X
communication with another vehicle, a server in the internet,
another system or terminal through a wireless access in vehicular
environment (WAVE) wireless communication scheme. A wireless access
in vehicular environment (WAVE) wireless communication protocol,
which may be applied to the vehicle communication module, is a
combination of IEEE802.11p Standard and IEEE P1609 Standard, and is
one of the communication standards that may be utilized in
constructing various next-generation intelligent traffic systems by
supporting inter-vehicular high-speed communication and vehicle to
infrastructure communication. The WAVE communication method may use
relay of a road-side unit (RSU), but may directly support vehicle
to vehicle (V2V) communication. The vehicle communication module
that supports a WAVE communication scheme includes a physical layer
and a media access control (MAC) layer for supporting a
communication delay of 10 msec or less at a maximum vehicle speed
of 200 km/h, a communication radius of 1 km, a maximum transmission
speed of 54 Mbps, a use frequency of 5.850 to 5.925 GHz, a channel
bandwidth of 10 MHz, and 7 channels, and may secure high-speed
mobility.
[0049] In the V2X communication environment of the present
disclosure, the vehicle communication module may communicate with
an RSU or a server according to generation of a necessary signal to
transmit and receive necessary information through manipulation of
the user, such as the driver, or another method. In addition, the
vehicle communication module may be connected to various human to
machine interface (HMI) electronic devices, such as a mobile
communication terminal (e.g., a smartphone, a PDA, and a PDA) or a
navigation terminal mounted on the vehicle, which is used by the
user, and may communicate with an RSU or a server according to
generation of a necessary signal to transmit and receive necessary
information through manipulation through an HMI of the user, such
as the driver, or another method. The vehicle communication module
may include a user interface and may communicate with an RSU or a
server according to a request by the user to transmit and receive
information.
[0050] FIG. 2 is a block diagram of an example of an apparatus for
verifying a vehicle in an inter-vehicular communication environment
according to embodiments of the present disclosure, and the vehicle
verifying apparatus may be mounted all vehicles, to which
inter-vehicular communication is allowed and the vehicle verifying
apparatus mounted on the host vehicle 100 will be referenced. In
addition, it is assumed that the host vehicle 100, inter-vehicular
communication is allowed to all of the remote vehicles 200, and the
attack vehicle 300 through authentication.
[0051] As illustrated in FIG. 2, the apparatus for verifying a
vehicle in an inter-vehicular communication environment according
to the present disclosure includes a communication unit 10, a
controller 20, and a storage 30.
[0052] In a description of the elements, the communication unit may
include a first communication module 11 configured to transmit and
receive basic safety messages (BSMs) to and from the remote
vehicles 200, and a second communication module 12 configured to
transmit and receive verification messages to and from the remote
vehicles 200.
[0053] Here, the basic safety message refers to a message including
vehicle information, and the verification message refers to a
message including verification information (a certificate digest, a
unique number, and a natural list reception list). Then, the
certificate digest is a kind of a data format and may be realized
by a hash value of 32 bytes, and the unique number reception list
refers to a list in which unique number of vehicles (terminals)
that transmitted verification message is recorded.
[0054] The first communication module 11 transmits and receives a
basic safety message based on a wireless access in vehicular
environment (WAVE) communication scheme that is a kind of a
dedicated short-range communication (DSRC) technology. As an
example, the first communication module 11 may transmit a basic
safety message (i.e., second basic safety message) at a
transmission power of 23 dBm and a transmission period of 10 Hz (10
times per one second).
[0055] The second communication module 12 transmit and receive a
verification message to and from the remote vehicles 200 based on a
short-range communication scheme. The second communication module
may support short-range communication by using at least one of
Bluetooth.TM., radio frequency identification (RFID), infrared data
association (IrDA), ultra wideband (UWB), ZigBee, near field
communication (NFC), wireless-fidelity (Wi-Fi), Wi-Fi Direct,
wireless universal serial bus (USB) technologies. As an example,
the second communication module 12 may transmit a second
verification message at a transmission power (low power) of 9 dBm
and a transmission period of 7 Hz (7 times per one second). The
transmission distance of the second verification message is shorter
than the transmission distance of the second basic safety
message.
[0056] Next, the controller 20 performs an overall control such
that the elements may normally perform their functions.
[0057] Further, the controller 20 may determine whether information
transmitted by the remote vehicles, to which inter-vehicular
communication is allowed, is trustable by verifying the remote
vehicles by using a verification message based on short-range
wireless communication in an inter-vehicular communication
environment. That is, the controller 20 determines a remote vehicle
200 located in a communication area of the second communication
module 12 for a specific period of time as a trustable vehicle, and
accordingly, determines that the basic safety message transmitted
by the trustable remote vehicle 200 as a trustable basic safety
message.
[0058] Further, the controller 20 may permit the basic safety
message (vehicle information) transmitted by the trustable remote
vehicle 200 to be utilized in various systems.
[0059] Hereinafter, a process of verifying a remote vehicle 200 by
the controller 20 will be described in detail.
[0060] 1) A process of transmitting a verification message (i.e.,
second verification message) to a remote vehicle 200 by the
controller 20:
[0061] The controller 20 receives a verification message from a
remote vehicle 200 through the second communication module 12 in
the communication unit 10, and records a unique number of the
remote vehicle 200 included in the received verification message in
a unique number reception list. Then, the unique number reception
list of the host vehicle 100 is stored in the storage 30. Further,
while the remote vehicle 200 is located in a communication area of
the second communication module 12 of the host vehicle 100, the
host vehicle 100 periodically receives a verification message from
the remote vehicle 200.
[0062] Thereafter, the controller 20 generates a second
verification message including a certificate digest of the host
vehicle 100, a unique number of the host vehicle 100, and a unique
number reception list of the host vehicle 100 and transmits the
verification message to the remote vehicle 200. Then, while the
remote vehicle 200 is located in a communication area of the second
communication module 12 of the host vehicle 100, the host vehicle
100 periodically transmits a second verification message to the
remote vehicle 200.
[0063] 2) A process of managing a trust point of a remote vehicle
200 by the controller 20:
[0064] The controller 20 receives a verification message from a
remote vehicle 200 through the second communication module 12 in
the communication unit 10, and identifies whether a unique number
of the host vehicle 100 is included in a unique number reception
list of the remote vehicle 200 included in the received
verification message. This is a process of identifying whether the
host vehicle 100 has transmitted a verification message to the
remote vehicle 200 before.
[0065] Thereafter, if the unique number of the host vehicle 100 is
included in the unique number reception list of the remote vehicle
200, the controller 20 adds one point to a trust point used to
determine the trustability of the remote vehicle 200.
[0066] Thereafter, the controller 20 records a certificate digest
of the remote vehicle 200, a unique number of the remote vehicle
200, and a trust point of the remote vehicle 200 in the
verification message reception list.
[0067] Thereafter, the controller 20 determines whether the
accumulated trust point of the remote vehicle 200 on the
verification message reception list exceeds a predefined threshold
point, and determines that the remote vehicle 200 is trustable if
the accumulated trust point exceeds the predefined threshold
point.
[0068] Meanwhile, the controller 20 subtracts one point from the
trust points of the remote vehicles 200 periodically (for example,
in unit of one second). This is not to trust even a remote vehicle
200 that has been trusted once if the trust point of the remote
vehicle 200 is not added continuously.
[0069] Hereinafter, a process of calculating a threshold point will
be described in detail with reference to FIG. 3.
[0070] FIG. 3 is a diagram of an example of a process of deriving a
threshold point calculating equation by an apparatus for verifying
a vehicle in an inter-vehicular communication environment according
to embodiments of the present disclosure.
[0071] As illustrated in FIG. 3, four sections {circle around (a)},
{circle around (b)}, {circle around (c)}, and {circle around (d)}
indicate sections in which the host vehicle 100 may receive a basic
safety message from the attack vehicle 300. A reference for
determining whether the attack vehicle 300 is trustable in each
section follows whether the unique number of the host vehicle 100
is recorded in the unique number reception list of the attack
vehicle 300.
[0072] In section {circle around (a)}, the host vehicle 100 is
located within a specific distance dw from remote vehicle A 201,
and similarly, remote vehicle A 201 is located within a specific
distance dw from the attack vehicle 300. Further, the attack
vehicle 300 is located farther than the specific distance dw from
the host vehicle 100, but is located closer than two times
2.times.dw of the specific distance.
[0073] Remote vehicle A 201 receives a verification message (i.e.,
second verification message) of the host vehicle 100, and records
the unique number of the host vehicle 100 included in the
verification message of the host vehicle 100 in the unique number
reception list of remote vehicle A 201.
[0074] The attack vehicle 300 may receive the verification message
of remote vehicle A 201, and may record the unique number of remote
vehicle A 201 on the unique number reception list of remote vehicle
A 201 as well as the unique number of remote vehicle A 201 included
in the verification message of remote vehicle A 201, in the unique
number reception list of the attack vehicle 300. As a result, the
attack vehicle 300 may acquire the unique number of the host
vehicle 100 through remote vehicle A 201 although the attack
vehicle 300 actually has not received a verification message from
the host vehicle 100.
[0075] If the attack vehicle 300 transmits a verification message
of the attack vehicle 300 to the host vehicle 100 by changing
transmission power, the host vehicle 100 determines that the attack
vehicle 300 is trustable because the unique number of the host
vehicle 100 is recorded in the unique number reception list in the
verification message of the attack vehicle 300.
[0076] Because the host vehicle 100 determines that the attack
vehicle 300 is a trustable vehicle, the host vehicle 100 may
receive a basic safety message containing meaningless information
or false information from the attack vehicle 300.
[0077] Thereafter, if the host vehicle 100 travels and enters
section {circle around (b)}, the host vehicle 100 is located within
the specific distance dw from the attack vehicle 300. Because the
attack vehicle 300 may receive the verification message of the host
vehicle 100 while the host vehicle 100 moves in section {circle
around (b)}, the attack vehicle 300 may record the unique number of
the host vehicle 100 in the unique number reception list of the
attack vehicle 300.
[0078] If the attack vehicle 300 transmits the verification message
of its own, the host vehicle 100 that received the verification
message determines that the attack vehicle 300 is trustable because
the unique number of the host vehicle 100 is recorded in the unique
number reception list of the attack vehicle 300.
[0079] Because the host vehicle 100 determines that the attack
vehicle 300 is a trustable vehicle, the host vehicle 100 may
receive a basic safety message containing meaningless information
or false information from the attack vehicle 300.
[0080] In section {circle around (c)}, the host vehicle 100 is
located within a specific distance dw from remote vehicle B 202,
and remote vehicle B 202 is located within the specific distance dw
from the attack vehicle 300. Further, the attack vehicle 300 is
located farther than the specific distance dw from the host vehicle
100, but is located closer than two times 2.times.dw of the
specific distance.
[0081] Remote vehicle B 202 receives a verification message of the
host vehicle 100, and records the unique number of the host vehicle
100 included in the verification message of the host vehicle 100 in
the unique number reception list of remote vehicle B 202.
[0082] The attack vehicle 300 may receive the verification message
of remote vehicle B 202, and may record the unique number of remote
vehicle B 202 on the unique number reception list of remote vehicle
B 202 as well as the unique number of remote vehicle B 202 included
in the verification message of remote vehicle B 201, in the unique
number reception list of the attack vehicle 300. As a result, the
attack vehicle 300 may acquire the unique number of the host
vehicle 100 through remote vehicle B 202 although the attack
vehicle 300 actually has not received a verification message from
the host vehicle 100.
[0083] If the attack vehicle 300 transmits a verification message
of the attack vehicle 300 to the host vehicle 100 by changing
transmission power, the host vehicle 100 determines that the attack
vehicle 300 is trustable because the unique number of the host
vehicle 100 is in the unique number reception list of the attack
vehicle 300.
[0084] Because the host vehicle 100 determines that the attack
vehicle 300 is a trustable vehicle, the host vehicle 100 may
receive a basic safety message containing meaningless information
or false information from the attack vehicle 300.
[0085] Section {circle around (d)} indicates a section in which a
basic safety message may be received even when the host vehicle 100
is spaced apart from the attack vehicle 300 by a distance that
exceeds two times (2.times.dw) of the specific distance in
consideration of the speed and a message update time period of the
host vehicle 100.
[0086] While the host vehicle 100 moves to point V', the unique
number of the host vehicle 100 is left in the unique number
reception list of the attack vehicle 300. Then, V' indicates a
result (distance) obtained by multiplying the speed v of the host
vehicle 100 by an exchange period tup of the unique number.
[0087] If the attack vehicle 300 transmits a verification message
of the attack vehicle 300 to the host vehicle 100 by changing
transmission power, the host vehicle 100 determines that the attack
vehicle 300 is trustable because the unique number of the host
vehicle 100 is in the unique number reception list of the attack
vehicle 300.
[0088] The host vehicle 100 may receive a basic safety message
containing meaningless information or false information from the
attack vehicle 300 while the host vehicle 100 moves to point
V'.
[0089] Here, when a transmission frequency of a verification
message of the attack vehicle 300 is c Hz, the verification message
of the attack vehicle 300 may arrive even after 1/c seconds.
[0090] Accordingly, the distance d(tup) at which the host vehicle
100 may receive a basic safety message from the vehicle 300 while
the host vehicle 100 moves to point V' at a speed of v may be
represented in Equation 1 below.
d(tup)=v.times.(tup+1/c) [Equation 1]
[0091] Here, in Equation 1, v denotes the speed of the host vehicle
100, tup denotes the exchange period (time period) of a unique
number, and c denotes a verification message transmission frequency
of the attack vehicle 100.
[0092] As a result, the maximum distance dx at which the host
vehicle 100 may receive a basic safety message from the attack
vehicle 300 may be represented as in Equation 2 below.
dx=4.times.dw+v.times.(tup+1/c) [Equation 2]
[0093] Here, in Equation 2, dw denotes a distance of the section
(i.e., a transmission distance of the verification message).
[0094] Meanwhile, because the trust point of the attack vehicle 300
is subtracted by one point per one second when the transmission
period of the verification message is fw Hz, a maximum of (fw-1)
points may be obtained in one second. Further, a time period taken
when the host vehicle 100 moves at a speed of v becomes dx/v.
[0095] As a result, the threshold point .theta.H may be expressed
by a product of a maximum point of the remote vehicle 200, which
may be obtained by the host vehicle 100 in one second in section Dx
and a time period that is taken for the host vehicle 100 to move
section dx. This is as Equation 3 below.
.theta.H=(fw-1).times.dx/v [Equation 3]
[0096] Next, the storage 30 stores the verification message
reception list in which a certificate digest of the remote vehicle
200 and the unique number of the remote vehicle 200 included in the
verification message received from the remote vehicle 200, and the
trust point of the remote vehicle 200 calculated by the controller
20 are matched and recorded.
[0097] Further, the storage 30 may further store the unique number
reception list in which the unique number of the remote vehicle 200
included in the verification message received from the remote
vehicle 200 is recorded.
[0098] The storage 30 may include at least one type of storage
medium of a flash memory type, a hard disk type, a solid state disk
(SSD) type, a silicon disk drive (SDD) type, a multimedia card
micro type, or a card type memory (for example, an SD or XD
memory), a random access memory (RAM), a static random access
memory (SRAM), a read-only memory (ROM), an electrically erasable
programmable read-only memory (EEPROM), a programmable read-only
memory (PROm), a magnetic memory, a magnetic disk, and an optical
disk.
[0099] FIG. 4 is a diagram of an example of a test environment of
an apparatus for verifying a vehicle in an inter-vehicular
communication environment according to embodiments of the present
disclosure.
[0100] As illustrated in FIG. 4, the test was performed on a
four-lane highway, and a detailed condition thereof is as
follows.
[0101] A lane width of the highway is 3 m, an interval between
vehicles is 33.3 m, the speed of the vehicle is 120 km/h, a
transmission power of a basic safety message transmitted by the
attack vehicle 300 is 23 dBm, a transmission period of the basic
safety message transmitted by the attack vehicle 300 is 10 Hz, a
transmission power of the verification message transmitted by the
attack vehicle 300 is 9 dBm, and the transmission period of the
verification message transmitted by the attack vehicle 300 is 7
Hz.
[0102] It was observed whether the vehicle on the highway, to which
the present disclosure is applied, utilized the basic safety
message transmitted by the attack vehicle 300 in control while the
attack vehicle 300 is stopped and a distance dk between the attack
vehicle 300 and the highway is adjusted. Then, when a specific
vehicle on the highway utilizes the basic safety message
transmitted by the attack vehicle 300, it is called an attack
success. As an example, the basic safety message is false
information that reports that the vehicle is stopped at point
K'.
[0103] The result is as illustrated in FIG. 5.
[0104] FIG. 5 is a diagram of an example of a test result of an
apparatus for verifying a vehicle in an inter-vehicular
communication environment according to embodiments of the present
disclosure.
[0105] As shown in FIG. 5, the longitudinal axis indicates the
number of attack successes per one second and the transverse axis
indicates a distance between the attack vehicle 300 and the
highway. Then, the number of attack successes refers to the number
of vehicles that utilize the basic safety message transmitted by
the attack vehicle 300 in control.
[0106] Reference numeral 410 denotes the number of successes when
the present disclosure is not applied, and reference numeral 420
denotes the number of successes when the present disclosure is
applied.
[0107] When the present disclosure is not applied (410), it can be
seen that most vehicles utilize the basic safety message
transmitted by the attack vehicle 300 in control. Then, the reason
why the number of vehicles that utilize the basic safety message
transmitted by the attack vehicle 300 in control decreases at a
point of about 460 m is caused by the transmission distance of the
basic safety message, and it can be seen that the vehicle on the
highway cannot receive the basic safety message transmitted by the
attack vehicle 300 because the it completely deviates the
communication distance of the attack vehicle 300 if the attack
vehicle 300 is spaced apart from the highway by about 710 m.
[0108] Meanwhile, when the present disclosure is applied (420), it
can be seen that vehicles on the highway do not utilize the basic
safety message transmitted by the attack vehicle 300 in control
regardless of the distance.
[0109] FIG. 6 is a flowchart of an example of a method for
verifying a vehicle in an inter-vehicular communication environment
according to embodiments of the present disclosure.
[0110] First, the communication unit 10 transmits and receives a
basic safety message and a verification message to and from a
remote vehicle, to which inter-vehicular communication is allowed
(601).
[0111] Thereafter, when the verification message is received a
predefined number of times for a predefined period of time, the
controller 20 determines that the remote vehicle is trustable to
allow utilization of the basic safety message transmitted by the
remote vehicle (602).
[0112] According to embodiments of the present disclosure, it may
be determined whether information transmitted by a remote vehicle,
to which inter-vehicular communication is allowed, is trustable, by
verifying the remote vehicle using a verification message based on
short-range wireless communication in an inter-vehicular
environment.
[0113] The above description is a simple exemplification of the
technical spirit of the present disclosure, and the present
disclosure may be variously corrected and modified by those skilled
in the art to which the present disclosure pertains without
departing from the essential features of the present
disclosure.
[0114] Therefore, the disclosed embodiments of the present
disclosure do not limit the technical spirit of the present
disclosure but are illustrative, and the scope of the technical
spirit of the present disclosure is not limited by the embodiments
of the present disclosure. The scope of the present disclosure
should be construed by the claims, and it will be understood that
all the technical spirits within the equivalent range fall within
the scope of the present disclosure.
* * * * *